
24 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-19415

Malware in sbrugna...

CVSS 7.8 · AI score 6.7 · EPSS 0.00043
Exploits: 0 · References: 11
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2017-5651

Malware in sbrugna...

CVSS 5.5 · AI score 6.6 · EPSS 0.00071
Exploits: 0 · References: 15
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-18710

Malware in sbrugna...

CVSS 7.8 · AI score 7.7 · EPSS 0.00023
Exploits: 0 · References: 7
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2021-30346

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 7.6 · EPSS 0.00454
Exploits: 1 · References: 4
Positive Technologies
added 2023/12/05 12:0 a.m. · 1 view

PT-2023-33072 · Lxd · Lxd

Name of the Vulnerable Software and Affected Versions: LXD affected versions not specified
Description: A security issue allows users with restricted access to a project to gain root access on the system by creating a disk device with shift=true and creating a setuid root executable. This is...

AI score 7.2
Exploits: 0 · References: 5
Debian CVE
added 2021/11/07 5:6 p.m. · 27 views

CVE-2021-43411

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

CVSS 8.5 · AI score 7.4 · EPSS 0.00454
Exploits: 1
NVD
added 2020/10/07 6:15 p.m. · 18 views

CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...

CVSS 7.8 · EPSS 0.00043
Exploits: 0 · References: 7
OSV
added 2020/10/07 6:15 p.m. · 20 views

CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...

CVSS 7.8 · AI score 6.8
Exploits: 0 · References: 7
Veracode
added 2019/05/16 2:50 a.m. · 32 views

Information Disclosure

Linux kernel is vulnerable to information disclosure vulnerability. This is because the move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. A local attacker could learn the memory layout of a setuid executable allowing mitigation of ASL...

CVSS 5.5 · AI score 5.9 · EPSS 0.00111
Exploits: 0 · References: 27 · Affected Software: 2
RedHat Linux
added 2018/04/10 3:23 p.m. · 3 views

kernel: Missing permission check in move_pages system call

The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. This enables a local attacker to learn the memory layout of a setuid executable allowing mitigation of ASLR...

CVSS 5.5 · AI score 7.2 · EPSS 0.00071
Exploits: 0 · References: 4
Packet Storm
added 2018/02/10 12:0 a.m. · 45 views

glibc '$ORIGIN' Expansion Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule "glibc '$ORIGIN' Expansion Privilege Escalation", 'Description' = %q This...

CVSS 6.9 · AI score 6.7 · EPSS 0.12375
Exploits: 20
CNVD
added 2018/01/08 12:0 a.m. · 2 views

Unspecified Vulnerability in GuixSD

GuixSD is an advanced version of a set of GNU Linux operating systems developed by the GNU Project. It is equipped with the GNU Guix package manager, support for transactional upgrades, etc., and provides an interface to the Guile Scheme API. GuixSD Git commit...

CVSS 5.5 · AI score 6.8 · EPSS 0.00022
Exploits: 0 · References: 1
Cvelist
added 2017/09/05 6:0 a.m. · 19 views

CVE-2017-14140

The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

AI score 6.2 · EPSS 0.00071
Exploits: 0 · References: 10
UbuntuCve
added 2017/09/05 12:0 a.m. · 29 views

CVE-2017-14140

The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

CVSS 5.5 · AI score 6.7 · EPSS 0.00071
Exploits: 0 · References: 8
OSV
added 2017/09/05 12:0 a.m. · 1 view

UBUNTU-CVE-2017-14140

The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

CVSS 5.5 · AI score 6.7 · EPSS 0.00071
Exploits: 0 · References: 9
CNVD
added 2017/06/23 12:0 a.m. · 1 view

Flatpak Local Elevation of Privilege Vulnerability

Flatpak is a system for building and installing Linux desktop applications. A local elevation of privilege vulnerability exists in versions of Flatpak prior to 0.8.7. A local attacker could exploit this vulnerability to run the setuid executable...

CVSS 7.8 · AI score 6.8 · EPSS 0.00023
Exploits: 0 · References: 1
Prion
added 2017/06/21 3:29 p.m. · 12 views

Design/Logic Flaw

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

CVSS 7.2 · AI score 6.7 · EPSS 0.00023
Exploits: 0 · References: 4 · Affected Software: 2
seebug.org
added 2014/07/01 12:0 a.m. · 23 views

VMWare Setuid vmware-mount Unsafe popen(3)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 15 views

Mac OS X <= 10.4.7 Mach Exception Handling Local Root Exploit

No description provided by source. / excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are invalidated, to make sure unauthorize...

AI score 7.1
Exploits: 0
RedHat Linux
added 2009/04/29 9:28 a.m. · 3 views

kernel: exit_notify: kill the wrong capable(CAP_KILL) check

The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system...

CVSS 4.4 · AI score 6.2 · EPSS 0.00259
Exploits: 1 · References: 4